From a246b5cb28d46e05078f5ad740998c21c902cb7b Mon Sep 17 00:00:00 2001
From: Travis Truman <travis_truman@cable.comcast.com>
Date: Wed, 22 Jun 2016 11:44:27 -0400
Subject: [PATCH] Configure ml2 firewall driver "iptables_hybrid" for OVS

Adding the recommended configuration to the securitygroup
configuration group in the ml2 agent configuration.

This iptables_hybrid driver is recommended for the classic,
provider and L3HA OVS scenarios here:
http://docs.openstack.org/mitaka/networking-guide/deploy.html

Change-Id: Ie9661d1095d0c9a95eec42537748bc14a7b01c28
Implements: blueprint support-openvswitch
---
 templates/plugins/ml2/ml2_conf.ini.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/plugins/ml2/ml2_conf.ini.j2 b/templates/plugins/ml2/ml2_conf.ini.j2
index ecf8ba31..aabe89ef 100644
--- a/templates/plugins/ml2/ml2_conf.ini.j2
+++ b/templates/plugins/ml2/ml2_conf.ini.j2
@@ -34,5 +34,8 @@ vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
 
 # Security groups
 [securitygroup]
+{% if neutron_plugin_type == 'ml2.ovs' %}
+firewall_driver = iptables_hybrid
+{% endif %}
 enable_security_group = True
 enable_ipset = True